NAT/PAT SIP problem

Unanswered Question
Feb 9th, 2009

Hello.

I think i'm experimenting a weird behavior in my Cisco 2600 Router. I have a interface (FastEthernet 0/0) with a public IP, and the other interface with a private IP (Fastethernet 0/1).

In the private side i have a SIP device making calls to a proxy SIP ni the public side. When the calls is passing through the NAT i see the next debug :

*Mar 1 00:15:55.687: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 2080 got 2080

*Mar 1 00:15:55.687: NAT: i: udp (10.0.0.3, 2080) -> (200.10.10.43, 53) [19574]

*Mar 1 00:15:55.687: NAT: s=10.0.0.3->200.10.11.220, d=200.10.10.43 [19574]

*Mar 1 00:15:55.691: NAT: o: udp (200.10.10.43, 53) -> (200.10.11.220, 2080) [34956]

*Mar 1 00:15:55.691: NAT: s=200.10.10.43, d=200.10.11.220->10.0.0.3 [34956]

*Mar 1 00:15:55.711: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 30025 got 1025

*Mar 1 00:15:55.715: NAT: i: udp (10.0.0.3, 5060) -> (200.10.10.110, 5060) [19575]

*Mar 1 00:15:55.715: NAT: SIP: [0] processing INVITE message

*Mar 1 00:15:55.715: NAT: SIP: [0] translated embedded address 10.0.0.3->200.10.11.220

*Mar 1 00:15:55.715: NAT: SIP: [0] translate embedded port 5060->30025

*Mar 1 00:15:55.719: NAT: SIP: [0] translated embedded address 10.0.0.3->200.10.11.220

*Mar 1 00:15:55.719: NAT: SIP: [0] No port present. Use new port 5060->30025

*Mar 1 00:15:55.719: NAT: SIP: [0] message body found

*Mar 1 00:15:55.723: NAT: create door to inside: udp (0.0.0.0/*, 0/*) -> (200.10.11.220, 23156)

*Mar 1 00:15:55.723: NAT: create door to inside: udp (0.0.0.0/*, 0/*) -> (200.10.11.220, 23157)

*Mar 1 00:15:55.727: NAT: SIP: old_sdp_len:281 new_sdp_len :286

*Mar 1 00:15:55.727: NAT: UDP s=5060->1025, d=5060

*Mar 1 00:15:55.727: NAT: s=10.0.0.3->200.10.11.220, d=200.10.10.110 [19575]

*Mar 1 00:15:55.731: NAT: o: udp (200.10.10.110, 5060) -> (200.10.11.220, 1025) [0]

*Mar 1 00:15:55.735: NAT: SIP: [1] processing SIP/2.0 407 Proxy Authentication Required message

this is just a snippet from the debug.

What i can't understand is this line :

*Mar 1 00:15:55.711: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 30025 got 1025

Why the router "denies" the port 30025 and uses the 1025 insted?. I have a static route that forces the use of the 30025 port.

I need to map the port 5060 to the port 30025 for that IP in particular, but is not working.

Can somone tell me if i'm missing something? This is my configuration :

interface FastEthernet0/0

ip address 200.10.11.220 255.255.255.224

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.2 255.255.255.224

ip access-group 107 in

ip nat inside

duplex auto

speed auto

!

ip nat pool ovrld 200.10.11.220 200.10.11.220 prefix-length 27

ip nat inside source list 7 pool ovrld overload

ip nat inside source static udp 10.0.0.3 5060 200.10.11.220 30025 extendable

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 200.10.11.193

ip route 10.0.0.0 255.255.255.224 FastEthernet0/1

!

!

access-list 7 permit 10.0.0.0 0.0.0.27

access-list 7 deny any log

Can someone help me here?

Regards,

Ricardo

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion